Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

14,945 advisories

Loading
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible Low
CVE-2020-10744 was published for ansible (pip) Feb 9, 2022
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File Low
CVE-2020-1733 was published for ansible (pip) Apr 20, 2021
Kubernetes Secrets Store CSI Driver plugins arbitrary file write Low
CVE-2020-8567 was published for github.com/Azure/secrets-store-csi-driver-provider-azure (Go) May 24, 2022
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package Low
CVE-2022-23531 was published for guarddog (pip) Dec 2, 2022
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package Low
CVE-2022-23530 was published for guarddog (pip) Dec 5, 2022
Sim4n6 Credited to Sim4n6
Incorrect signature verification in django-ses Low
CVE-2023-33185 was published for django-ses (pip) May 22, 2023
josephsurin Credited to josephsurin
Weblate vulnerable to improper sanitization of project backups Low
CVE-2024-39303 was published for Weblate (pip) Jul 1, 2024
quehill Credited to quehill
OpenSearch Observability does not properly restrict access to private tenant resources Low
CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024
dbt has an implicit override for built-in materializations from installed packages Low
CVE-2024-40637 was published for dbt-core (pip) Jul 17, 2024
brabster Credited to brabster
ProcessWire Cross Site Request Forgery vulnerability Low
CVE-2024-41597 was published for processwire/processwire (Composer) Jul 19, 2024
snapd failed to properly check the destination of symbolic links when extracting a snap Low
CVE-2024-29069 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
Hono CSRF middleware can be bypassed using crafted Content-Type header Low
CVE-2024-43787 was published for hono (npm) Aug 22, 2024
wataru-chocola Credited to wataru-chocola
CometBFT's state syncing validator from malicious node may lead to a chain split Low
GHSA-g5xx-c4hv-9ccc was published for github.com/cometbft/cometbft (Go) Sep 3, 2024
Path traversal vulnerability in stripe-cli Low
CVE-2024-45401 was published for github.com/stripe/stripe-cli (Go) Sep 5, 2024
express vulnerable to XSS via response.redirect() Low
CVE-2024-43796 was published for express (npm) Sep 10, 2024
AdamKorcz Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd UlisesGascon UlisesGascon
ctcpip ctcpip wesleytodd wesleytodd
serve-static vulnerable to template injection that can lead to XSS Low
CVE-2024-43800 was published for serve-static (npm) Sep 10, 2024
AdamKorcz Credited to AdamKorcz, UlisesGascon, ctcpip, and wesleytodd UlisesGascon UlisesGascon
ctcpip ctcpip wesleytodd wesleytodd
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap()... Low Unreviewed
CVE-2024-50211 was published Nov 8, 2024
vantage6 does not properly delete linked resources when deleting a collaboration Low
CVE-2023-41881 was published for vantage6 (pip) Oct 16, 2023
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request Low
CVE-2020-15239 was published for xmpp-http-upload (pip) Oct 6, 2020
ChristianTacke Credited to ChristianTacke
Incorrect parsing of nameless cookies leads to __Host- cookies bypass Low
CVE-2023-23934 was published for Werkzeug (pip) Feb 15, 2023
lavish Credited to lavish
CHECK-fail in `QuantizeAndDequantizeV4Grad` Low
CVE-2021-29544 was published for tensorflow (pip) May 21, 2021
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit Low
CVE-2024-21539 was published for @eslint/plugin-kit (npm) Nov 15, 2024
mariancorneci-snyk Credited to mariancorneci-snyk, SuperMaxine, and MikuroXina SuperMaxine SuperMaxine
MikuroXina MikuroXina
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts` Low
CVE-2024-52587 was published for step-security/harden-runner (GitHub Actions) Nov 18, 2024
woodruffw Credited to woodruffw
In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead... Low Unreviewed
CVE-2024-20038 was published Mar 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database